Over the past couple weeks I set myself a little challenge to write a little script which would

look for network printers > compare model info with default credentials info and/or brute force HTTP logins > nmap and log the IP w/ verbose but general information > also check up on them once a week to see if creds still worked > finally store all this information locally in quite well formatted text files as well as a MySQL DB

I did this on the 22nd of September 2013 and am going to finish tomorrow (22nd October, local time). I've checked logs and it appears I've ended up with about ~9,500 network printers and their current creds, which makes for a 49mb text file.

My question is what can or should I do with this? Personally it was just a project and I'm not looking to harm anyone, so if it was valuable for learning I'd like to share it, but at the same time there's an obvious risk of someone just hacking the whole network and affecting a lot of people.

I even had the idea to print off a sheet to each of the printers explaining this and advising them to change their passwords.

Or maybe set up some mini network or something, although I have no real network admin experience.

Are there any places where this type of harmless but sensitive information is stored in a friendly environment?

Thanks,

Brod.

EDIT:

I just turned the system off.

Below are some fun facts I got from the test, I'm also going to write this up in a more complete and formal fashion and release it at a later date.

Fun Facts

~3,000 appear to have had their password changed from the default one to either 'password', 'admin', 'administrator', 'syspass' or 'sekret'. This is just plain stupid.

~1,800 appear to have already been hacked, going off the fact they had 'hack' and/or 'b*tch' in the printer name; I assume the owner did not assign this.

~400 appear to be disliked as they had 'Stupid', 'Sh*t' and/or 'Dumb' in the printer's name; I assume the manufacturer did not assign this.

Wow, are these on the public Internet, or do you just have access to an exceptionally large corporate network?! Printers are often overlooked as security holes in a network, pretty cool to see an actual experiment done en masse.

If you let every single entity that owns a compromised printer know that you were able to gain access to their printers as part of a study, you will almost certainly have someone who gets pissed and tries to get you in trouble. Since everything is CFAA here in the US, it would be an exceptionally bad idea here. Don't know what the rules are like down under, tho.

Your best bet, if you want to publish something without inviting the wrath of the subjects of your actual study, would be to write up your methodology, the data you collected, and your interpretation of the results. Then you can submit your paper to various publications, get the information out there, and hopefully stay under the radar. 2600 would probably get you the most hacker readership if you're looking to publish in an actual publication.

To confirm, these are on the public network and the whole test was done off an Arduino so obviously the time spent and resources used could be improved upon to gain even more results, not to mention a smarter / faster algorithm.

I read a post on Irongeek about them which originally caught my attention, and thought it'd be fun to see how many I could 'compromise'.

I've never properly published anything of significance so I might need to research that too, thank you again for the pointers.

On a side note, I'm not in the 'hacker' scene exactly, although the majority of websites I find of any value are all very Web 1.0 in design - like it's the year 2000. Is there any reason for this?

You used an Arduino to do it? Definitely write it up. That's a very low CPU power platform to run an automated scan from. Several of us have had articles published in print form, so if you want help/reviews/etc. just ask!

I think everything still looks "Web 1.0" because it's been around since then and it still works. Personally, I don't have the time to put into making my personal site "Web 2.0," and at the end of the day, the information is still in a readable form. The cobbler's kids do in fact go barefoot sometimes!

Entirely. The MySQL database was hosted on my computer but the rest was done by Adriun (my Arduino's name), although I'll be moving to Raspberry Pi for any future endeavours. I've never used Arduino and this was also used as a learning curve/challenge.
I'll google up on 'how to write a paper' but probably be back for some advice.